Which of the below listed statements are true?
Session IDs stored in cookies are secure against theft through cross-site scripting attacks.
The cross-site request forgery (CSRF) attack can be countered if the web browser sends all cookies it has matching a domain to a corresponding web server.
In a DNS rebinding attack, an attacker first convinces the victim's browser to request a resource from a specific domain.
Reasons to attack a computer system through its web service usually do not include sending out spam, denial of service or infecting with malware.
Which of the statements on web application security are correct?
The web browser will send to a corresponding server all cookies it has matching a domain after a link is clicked.
Stored XSS attacks are served to every user who visits the affected part of the web page.
Using referer header validation is a reliable method for preventing CSRF attacks.
Links and images are considered exceptions to the single origin policy (SOP) in web application security.
Which of the following statements are correct?
Session tokens should be rotated frequently to prevent session hijacking attacks.
An SSL certificate is required to implement HTTPS on a website.
In a DNS rebinding attack, the attacker tricks the victim's browser into accessing a resource on a domain that the attacker controls by first having the browser make a request to a domain that is controlled by the attacker, and then dynamically changing the IP address associated with that domain to point to the target resource.
HTTPS is only effective against eavesdropping and does not provide any protection against tampering or data injection.
Which of the below listed statements are true?
Cross-Site Scripting attacks can be classified into two types: Stored XSS and Reflected XSS.
Relying solely on passwords for authentication provides a high level of security for web applications.
Cross-Site Scripting attacks are only effective against users who have disabled JavaScript in their web browsers.
Cross-site scripting (XSS) attacks can be countered by disallowing or filtering HTML tags in users' posts.
